dogtagpki

Clone
Source Code
GIT

#2244 Fine-grained installation steps
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by edewata.

Closed: migrated
Reopen Issue

Currently the customization that can be done during install is limited to the parameters that are supported by pkispawn. Sometimes it is necessary to modify some other files to change the behavior of the server during install, for example:

  • changing debug level (ticket #1349)
  • customizing certificate profile (ticket #2224)

Right now those changes have to be done in /usr/share/pki so pkispawn will pick up the changes during install. The problem is those files are not supposed to be modified directly since they are owned by the package and shared system-wide.

Rather than creating new pkispawn parameters for everything, it would be better to provide commands to run the installation in smaller steps, for example:

  • pki-server instance-create will create the instance folder and copies the files from /usr/share/pki
  • pki-server instance-start will start the instance
  • pki-server instance-configure will call the configuration servlet

This way someone can run pki-server instance-create, customize the files in the new instance, then continue with the installation. The pkispawn will continue to work as before but it can be refactored to use the above commands.

Other tickets that might benefit from fine-grained installation steps:

  • customizing serial number ranges (#2278)
  • migrating existing data (#2279)
  • customizing cipher list (#1644)
  • customizing access log (#769)

As an alternative solution, the pkispawn can be enhanced to stop at/start from certain scriptlet. See the following example:

$ pkispawn -f ca.cfg -s CA --stop-at subsystem_layout     (copy instance files)
$ vi /var/lib/pki/pki-tomcat/conf/server.xml              (customize cipher list)
$ pkispawn -f ca.cfg -s CA --start-from subsystem_layout  (continue the installation)

In the above example the custom cipher list can be customized without having to add a new pkispawn property. It also allows other customization without additional changes in pkispawn.

Most of the above tickets can be addressed with the existing mechanism
(see http://pki.fedoraproject.org/wiki/Custom_Installation). The LDIF import feature will not be implemented in favor of post-install import. The fine-grained might still be required to support pre-install import (e.g. for restoring a backup) and other advanced customization.

Fine-grained installation steps would also help avoid restarting the installation from beginning (e.g. regenerating and re-signing the CSR): https://bugzilla.redhat.com/show_bug.cgi?id=1346433

Metadata Update from @edewata:
- Issue set to the milestone: 10.4
7 years ago

Metadata Update from @edewata:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue set to the milestone: FUTURE (was: 10.4)
7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2364

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
critical
None
None
None
enhancement
''
None
None
None
''
Community
''
None
None
None
None
''
Installation/Configuration
''
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.